Plain language. Formal review pending.Privacy that's actually private.
Architecture, not promises.
Five bullets first. Then the operational detail. The formal long-form Privacy Policy is undergoing counsel review before public-launch broadcast; the plain-language stance below is what we mean and what the architecture enforces today.
Journal Genie is in early access. The core product is materially landed; broad public-launch hardening continues. We say so on every page so you can decide for yourself.
The plain-language stanceWhat you can hold us to, in five sentences.
- We do not train AI on your journals, sources, or chats. Not now, not ever. We have not opted in to model-provider training. The "no training" stance is contractual with our partners.
- We do not sell your data. Not to advertisers. Not to data brokers. Not to "research partners." Period.
- We do not run ads. There are no ads in Journal Genie. There will not be ads in Journal Genie.
- You can export your entire account — notebooks, journals, surveys, Studio artifacts — in plain markdown, one click, anytime. You can delete your account and we send you proof within seven business days.
- We are based in Alabama, USA, operating as Yotta-Byte Labs. We comply with applicable US privacy law and the GDPR for users in the EU.
What we store
- Notebook contents, journal entries, Surveys answers, Studio artifacts, and account state — all account-backed. Encrypted at rest. Encrypted in transit.
- Browser cache for speed. Clearing local storage clears the convenience layer, not your work. Your work hydrates back from the account on next sign-in.
- Reward / points ledger — what you earned, when. No third-party tracking attached.
- Auth + session state via Supabase. Standard cookie-based session handling, with Secure + HttpOnly + SameSite=Lax on the auth cookies.
How we use it
- To operate the product features you ask for: authentication, notebooks, journal, Surveys, export, and billing.
- To generate AI responses and survey questions using the context you selected or explicitly included. We send the request + retrieved context to OpenAI per call; the request is not used for training.
- To secure, debug, and improve the service — never to mine your private content for marketing copy or training signals.
- To send you transactional emails (password reset, billing receipts, account confirmations). No marketing email by default.
What we won't claim
- We do not claim SOC 2, ISO 27001, or HIPAA. We may pursue them later; we will not fake them now.
- We do not claim "your data never leaves our systems" — third-party processors (Supabase, OpenAI, Stripe, Sentry, Better Stack) are real and named. See /trust for the full processor list.
- We do not claim instant or universal deletion. Deletion is real and complete within seven business days; we send proof.
- We do not claim "trusted by millions." We are in early access. We say so on every page.
Request pathData access, correction, export, deletion
For data access, correction, export, deletion, or any privacy-policy follow-up, email privacy@journal-genie.com. The inbox is operationally verified and routes to the founder. We acknowledge within five business days and complete most requests within seven. For non-sensitive product bugs, GitHub issues remains an option — keep journal content, billing detail, and account-sensitive data out of public threads.